In September 2024, Galois Capital, a now defunct crypto hedge fund, settled with the SEC for $225,000 over “custody failures” related to safeguarding clients’ crypto assets. While the amount may seem small, the implications for the Registered Investment Advisor (RIA) community, digital asset industry and custodians are significant.
This case marks a pivotal moment in how digital asset custody is and will be regulated, and signals the SEC’s intention to bring crypto custody further under federal jurisdiction.
The SEC’s release on Galois Capital set forth that the hedge fund failed to ensure crypto assets were held with a qualified custodian, violating the Investment Advisers Act’s Custody Rule. Galois Capital improperly custodied assets at FTX, which held a South Dakota state trust license and was deemed “not a qualified custodian” by the SEC.
When FTX collapsed, customers lost access to their funds that were commingled with FTX’s assets.
The SEC’s Custody Rule has long been in place to protect investors’ funds by mandating RIAs custody funds and assets with a custodian that maintains segregation between client and firm assets. For decades, this rule applied primarily to traditional financial assets, but the rise of digital assets prompted the SEC to highlight its oversight over this new domain.
In 2023, the SEC proposed formal amendments to the Custody Rule to explicitly cover digital assets. While these changes are not yet finalized, the Galois Capital case demonstrates that the SEC is already holding firms accountable for not custodying crypto assets through a qualified custodian.
The message is clear: RIAs (registered investment advisors) managing digital assets must take immediate steps to align with the SEC’s custody standards or face similar disciplinary actions.
This raises the question of what constitutes a “qualified custodian” in the digital asset space? According to the SEC’s Proposed Safeguarding Rule, “A qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant, or certain foreign financial institutions (“FFI”).” Many non-depository trust companies claim on their websites that they are “qualified custodians.” But many fail to specify whether this is a claim under state law or the Investment Advisers Act of 1940/SEC Custody Rule.
Read more: Nathan McCauley – What an SEC Proposal Means for RIAs in Crypto
Unfortunately, there isn’t a clear distinction of what licenses grant “qualified custodian” status under state or federal law as it’s up to the custodian to meet the threshold prescribed in the SEC’s Custody Rule. More concerning, RIAs may only realize they are using a non-qualified custodian when the SEC takes action against them, or the custody provider’s business falters.
This was the case for Prime Trust, a Nevada-chartered trust company that touted itself as a Qualified Custodian dating back to 2019. In 2023, it was found that Prime Trust was using money from customer accounts to cover millions in losses resulting from a combination of account mismanagement and a market downturn. The company would later declare bankruptcy. In the Galois example, FTX’s South Dakota state trust license came under the SEC’s scrutiny only after clients’ funds were lost.
Ultimately, the strength of any custodial license is only as strong as regulators’ abilities to oversee the actions of the custodian, putting the burden of due diligence squarely on the RIA.
For RIAs managing digital assets, the Galois Capital settlement offers several clear takeaways:
Review Custody Arrangements: Custody standards, and the licenses that uphold them, are changing. Review current relationships to understand the requirements your custodial partner is required to follow, and the strength of the associated regulatory body.
Where Would You Keep Your Money?: Seek out custodians considered the ‘gold standard’ in the eyes of the law, or those that are held accountable by the resources federal agencies bring to the table.
Reassess Self-Custody Risk: We know the mantra: not your keys, not your coins. Self-custodying assets introduces risks such as human error, and may no longer be a viable option as federal oversight increases.
While the Galois Capital case highlights the potential pitfalls of improper custody practices, it also presents an opportunity for RIAs. As the SEC clarifies its expectations around digital asset custody, firms that proactively adopt the “gold standard” of custody can differentiate their digital asset offerings to clients while reducing the risk of SEC enforcement action.
Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.